DELTA 556019 0 34004 SVN&X%fJ}v>Wy | fV55facdb0-2c24-11eb-9aac-08002734b9ed"> giteagitea 1.12.6The Gitea Team reports for release 1.12.6:

  • Prevent git operations for inactive users
  • Disallow urlencoded new lines in git protocol paths if there is a porturl>Disallow urlencoded new lines in git protocol paths if there is a port ports/251296B~x^]RMo0 =/yM3nEw D;dIЇ׏r."'AG?Ay)h!RX$GR0@:kI&m'p .$nj@ fͩ"h.Gx25eNR#(B [ M\SB9^.q&]6 f&1!wĨf={ߌf4vb阇kRNA[gpU鷊$sTZttAS<"(njZuvU:řO?DS_(uUJGYb1Mӊ5ǃU]c*}R ջ+~ܷ[$hR^ҽa<6/'1$CpA^r`mVHlBZh"&}EkgjݾᘲJOIrfq)  EV`Uꌉ pl2`C$8TׯD;X Y>ei&kJGQ\t%hv?fawt/uDb؜qa4W(y(]b zzx^;0SFB4(WH%)s~(h~֧yff>^y,ч'Yv/cM)!2b48&>bi+4T&6^J+{i&cL&1%ZY(X(eJ<v/ Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of servicegithub.com/nghttp2/nghttp2/releases https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md6 CUPScups 2.2.12Apple zzx^œo1#HMh)DPD{{ҿ6)ȉ/x~,sl|^bB`[*F+ˇ`\Uu898[Br:Ta%+[/L*gt2BNuJ>)VSoQ%lvtfXsdtw`JIOZh>qJ'1!Liru9[NC2dWj1ugaAGNiVXmE\]N<-N1Dj]gӥҮc?h v>X;*4d}&@vRuJp?x{ PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the serverCVE-2017-12615 CVE-2017-12615 2017-08-07d70c9e18-f340-11e8-be46-0019dbb15b3f"> payarapayara 4.1.2.173OJ *guZ-Ջ19uؕi<(Ӏ~4^L, czzx^Oo1)J4$JJQ TqIY{co>= qMq "yM^`rt/n|qs{7xv:Jlg{8}fJ+SQ#& /SxRFAm* r|rm[m S2"WDaR=4L?KdjX\$b[A@\!exaHS`!Z'bL 5@ Qc5t5,@^UNJUu=ۧ㽖UrFueeH?1!lz^/4ALA x1VYM\Tp1L]qTVjRB @[$TP5{w>Ǒ#i^vg3sMwW~7CFa erH~x I?o?PX [{KZ`*q]/,!3P<2?ӓlqzyKXuX B& #-2N1AIdYReWS&)͓P$鍔7Rx}H;%nĘֳyr7*V.Xora$Î"grX!}wOLv$vؕwJ$ΖXPW,F5= G"dzh>4+Tv5)(>{g޶Hu{ 'KaKZώЩ1R:?sNB&;04 Xl~Ss'.fq~Myu(N;E0H.c3"Wͣ4LC~n&~@?j)Ѡ!_ ~\~l^d/.]-11e8-b08f-00012e58216678-5102: Use-after-free in HTML media elements

    CVE-2018-5122: Potential integer overflow in DoCrypt5102 CVE-2018-51222-03 Django -- information leakage "ui41 C!$½G߿~dI'4W)W.1>?F}d˅R8tv>&V@8N*x^uRZ0 KJ'z{RUJckyra^{ gFqeH~ϖd]z]Ml8ȇuW0+E@&N01g Bj;aNi*nX]a1pǀ=#p B@"Q!oYG^M8!lac#x^ePn0$`1Έt=NZ>ʽEW;lZnYD~ƒx4]z'ơ.8/Ca *2=,؀x}!<EwI`leހ܊jEBkxݔ\h&H:] !'Ηe6`5rM9q]Űv^:/W6BGETFnp/KjCD+^OT=UێJ/z}GcXR9rr-LkSV"ɰ&K dǎ^.1M#_򎁏v0]@['x^Qm 9(K:٬XKU/P0Q0uO!4f:$n`i ]S'Q}Qɏ㕒VgL%Q8JX"}ݷ/CshOϢƠT+L7j܀x1D,%BZ"Be5'GyUro\zˬM_=)'#jԞۊos8)Yb9>,F8Ӌs.ۯ%dC_c󋔓&'t4#14kxZ9Nh1%lS+! # fs+7nP,+e3_HLD=eؤW9 %Fym 9l<Ŋ-A`Ϛxur$V}0`q3 axסw]!ޫ$4睖ٳQYhIaiK@c'-Ǵ@"< k7O[##\_) (}SBD~hxwP|af6P 2/8 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg0293064ffbe04eaafebf4045a3ace52a360c14959d19664ffbe04eaafebf4045a3ace52a360c14959d196 2015-12-23b3f9f8ef-b1bbMegaRAID SAS HBA emulation0 qjkQjk@x^AOA +^EQPgof!JafI` jRXp> Ϛ!k" $j1fFs"IcpD{(f+Tϳ7RG :IFGK_rW%yJ(XS9}r.sl% > 12XOwVͬeZk2*M:I%,UmV5ͨ9_ItlTJǘ/TS(l^鷉dzSC7agnTwo.KӪ^v1wnw0LjOY>9\* x^}RMo0 =/i*r&n`jjA㦋$1=9Ja:ԢtH "AzҍT`,1УҍD4%]^zeC>r"$yBmԙT+X^9㖨ȹGYhњAk-9xb"{[q2핽VvX^he,A6%]l܈9Ky_WZzؕdy-8[f8ӺIo,n;&Țiiv94Eתp2r` ?RvJ<$x^MKn0 @)O2-R1hcEܙۗ7FE=>J pv:q_@D%x^n0 S˲{i = }LZe˕xOa)DBI_ ģdL!5Jg;֛T Φ}veWFEAh*,EQHC{MF.hBOւvÀc fIKTcj-?MKA°"]'xzsF(QZc|R<+"ˏ8 N%xDucvEm*&rlSJ&Wf>6?-o:'!/ `M+l1גȀeN~ov@'_x^Rn <_r'QT굢xiHXj`!^;aw}d‘Pg3}:@} Pzفx|y)e9vr mGҴxs|mZal+{B86.#'==UrbA^;#K30;Yc?WtAgN)4dF.QNSۋ$1B*’n 044MYrwZ~8%cTAod()+ uҴd6W*RkPQC dŧD}NmMICw1mfaw! Üx&`.|5▁ΠL@v?^>Zx^mQn0<_7IV*KP Z[)nڇ*r3;3ڳJ4Lg(g1P^6&ms쫮Y;VY/%gZl޹uJN:` ?7)8nWC 3U3xt8n< m=و UqRCA OW=RɄ16꾬cͫgn۽ | nz[.ŊWKS곊g.J.тyMIJ+A9uI{jo @`<@BҚYEeM(n2l*^XVRDs: l&wx%1~_y%G9Ceف4p!omR^P>%ukE$¡:2N?SYx^U͒ ϛ;dI7!Xؚb`g/nGIHh}a֑d@3E/ qxE9Gڱ<^n5"8o'&qR(c3BUUnYNkJ59q34NdY#ܷ珑6~şoУ9/@͈-X<êU"-St̛CF$Q4^RyA#&kE^woO$L~,Ec;<yYUSct3gaܣB-ܕ^ćOukY +w-R~h>='Y4df .ߪMcDVU0k{xΊ֑3G17siz}$E2TjP3+>wBCSt|k2󕩪d/屁F@%4x^N0EW\uݨyR *b`&(T_{[AwHWC1P||C'YQRg> buGk*]7.NQ@,Ƙr|LeCi '6,wTɅO[pK~0,=9 %5֝㙂x6B:!INmm'6*DJ\ĵJܨZ%T4SfLu Abx:.u;_ x^}Ko0ͯcr-)h -b8z#HJ뻲Z T-9g<Q'hJhBqDzXW_g -EXlOʼV%~ўjk)F4`' FrSSl0ū2IĩxA&A38ޤvF'.v@QkXI ;Β% ,?VgcUIsS_i-}mЋJioi[h|-5P͹ 5Px aYXlEe{m·]{|oy9bwK+ EeZL_`-`)]Rf7 SNSGP4G" _Xֈ/W!Gg} O#k  }I ^D+B-HbʃjT[CۭQ64*E{W5 cM}Od"*L 5eu[?CW0MHPv?hkXlr+d)#N~}hch~Z(PmI IV *8=HpfQ){&*^9ɸSÇö*_IZxq?qfx;@ T>1gV3C9)o"x`J&h~8m-5`>5=ԑl]`b_ 8(qc(瘖Bog+k;}ݴiŀ(\.Eۦ =CI8Nt_v@x^}j ק^FIF`c)]=ie5}+e~JBq:ZIB(UtV(O>'tAN }8MX l9UK{w Z.yon5+R,֜h+/OA\Ek v%zj[EۏnoMGP%(~G@8DdPmޙyxDr )zW>,B0C4!cm|+,oG>aYFdiVxF70x؃ ]cwΎIEtRa$ui(K#^$8ZH4lGkr<m ,΂ƶGuh_te O@1~B0WE~h\n7ao;>|,/TXdF7Hml(I>؝ B0}^>=BZ#M a0-/KEY.TQ{W^eq,.SW+ޖP\9vAeY?JU(v\x^uRn0 =7_!P[$nx(KEc-Ji 3 =|ٷ}W^Gcc_Qj.qo8.z {H- GIVC" U ,Goy`cN!52J>V |UB:i4dRxebM|B]j.$>"Tg8O Z~ÞfPUG)K~agIH#:%'DS$<=cARYZُo/-tJ)m 7qAR5j } }name> 1.0.01.1.9VideoLAN project3.html">

    When parsing some MP4 (MPEG-4 Part 14) files, insufficient buffer size might lead to corruption of the heap. http://www.videolan.org/security/sa11034-0732b05547-6913-11e0-bdc4m 0{{x^j@ۧJ ğ"Rh/n&fٍm޾Y-]f9MXP5AYhl-f7 .Plb 7΂y {f9AOcˁ 6*ԅW^= uz2 bF+ +Y $}'J^"v2Lz IM"aqB&Fd%|&Lx6v!S:{#Pqu]ghA͞GiN2$s>W^BlyPn6K(BxLWed[n 2009-05-22 2010-06-16 aM~hۗWVŞUkX]\ SK*g{(KVmx^94t,ʥʏ)l)LJ>-oDoE-wju";=Ki-\S[gxDPG3c XT.ӯXotT|>70aT`gT[?*u[RQw] ЦWA38p lj/ֿBzu lD;ͺՄp 5 }H|=VH($ q/xklZI$^bܔMY-)Lj`fYv0_@F x^}Qn0<'_wc l[ҦiԻbl"a]Pdx<,Mw$ߕ)"mvFx'Umt~O]"]}Yp D(ݬR;Ŷe/:mêٓ8]+r:On#ftBEQ4V݇-I<-\emε!cs=k@/Aԝ^@LE+FӨ}i*L.zW&Q8)iٕ%|Z~|DCat_ }9HjD8^XZ$ {G~IA }o0P8Mܘ|{tq^_obB,-\Ղlt v?|rx^J1)lV+ݲ* >4u&&[NِdfϺl@鸝jXnK׳]Sf"S.Z ﶓgn}oWΪR %BgZ/kzoBMvrU|0_}`-s(u8&UcQLLGU酚$n@أwƅ>COI%24HơG0 &[ D9-8>E- AF &t,[N IޞL.t)X:*8J͗>ϸԅ-/:#CvDi BxZpyMBV#_p)_~p# x^URKo0 >/襗9~4mz(`Dlegt߃;sF=~7b~qʪ==OؾE 3S#Dhw]dPn %Uqa(Ìa rF=V:€*G<$-ᜨDc܈:C{hos{/[Y sŀ[$}_Nf "9rW8?@c'5d $(D-=>oBɀ23 /D߃Lr'STcYW&3:`]8~חs]CV=5yOG`D`;{?xCBsYyl%*"MS]*S3ׇJˬGYu;fEQǺyo5ΕsU>[J@v@wex^mRM =o~(wlTUU[A%I}7#d`@R *hAPC8c7P3dL.X0_S!%'䒩 VXM

    A stack overflow was found in the code used to handle cddb queries. When copying the album title and category, no checking was performed on the size of the strings before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in the program, leading to arbitrary code execution with the uid of the user running MPlayerŀ>'N~7v~X6x^ERMo0 =7ݑj`aةe:"KDOV'|@=-C5{C;iv:qȌ@>;3㛯5{У%P!62\ 8 F+dlda _=Z:ֺEQnH G#Y˖y6嶔Foyxt:-BkNa\8ŕ^4:D0HjRx!(ܐ[,qG:BQdZ/G?sYbBn]>I8Vy՛2+sؤzM*ܬ|Z7.vV՞Cϗ?o>^?^ў;W/ԅ<ĭH1OTC>"+NM =& WŢ~,߈^d< sx&k}fz$Bs:4âT_ˠ0N@v@j6x^uRn0 x/Ίg3rq\26R:`z&IzQUU5[yй)u#Dv[~M9x^URˎ0<|EkOyL`f:Ngbֱ-=~vAS]NIgov _kt &F-NA3޸.VB)֓D8R.JVZeO6bM>Ff)x@s4hf̓A2A Z_zh"IihG7.QO*WkCI0.q,Hh{׃L{!(R[ -'d*Y7/QOI!!tPb(<7NoMķ5nT4 4:&:)۲.Z]:Ӳ>dUYp|`ٿ+ySZY+7ߏ \|2_N@6v@6x^Mr EPy5կf*l@@v?y##ArsG=N¯Uo lbmb2n:B -}x4SV) >o1Bo;dIi4暫>* ot'mj;$GC̴z5a7ӌQ b…AJ/fݑ+i(:ɈzX-IMV:)pk&̚ OʽmoHW.F b D- ]sPow/jߓ*10vVfd&(F){L9قIb1B!gd MY9bs<֘X\ҙijA2pD k .iNw.*xU^DG }GQ!ƝJy d5 :8tm:չhΪF<'"B<0Z4GU>m*v\ss:w sQ=NUUQ:릕g l(Rn^Y XvR>epwS@*Nvx^mN0E+F,`G6i B5I2T*7{5sjˢfh6uoj4]%FNg5X]od:%\ܑPHedl;¤#k%բeo~GK2M2OPziw_%jIrGGN[*iY4Z**i)̋h>_, ^3Dp! #`CH QA}|X:5)p*aaѣ- ]߽A͒Hsy߇4 C],ړ<-uhzzΟeϯSmOQROZ7xvXx^Qn08t Hq"@) ]IF"d_B3c9=G܈"Y:v ӷ'֏tw`5 q޶t$)Ln&|(\+#FD]|1+*3U߶Ov9 v?kKpZ zx? 2005-01-13 squid -- denial of service with forged WCCP messageswccp_denial_of_service">

    WCCP_I_SEE_YOU messages contain a 'number of caches' field which should be between 1 and 32. Values outside that range may crash Squid if WCCP is enabled, and if an attacker can spoof UDP packets with the WCCP router's IP address5-0095}4ݜھ>pJp q9UH]꙰~Ț ׸[5E:F ?t a о ;Cksl<]Ξ!hZ:{ 5 kQ@DBkx^Rn0>O1{`PEic35bI >g=,g 0x.r?)Y1LI+92Ƒ%Nfl# 0dL`BKLX??h2c#٫v,BU%(zwU:ĂwO&y O&JY@#b֤`Zry>#P).`P c9j`6ZbC'ڼk1U5uo ozuzx^}n Wa_>.d˲cGblw?jMJ yy9`$ rNKs70Dne {%gm{h.y